Introduction


Sun Tzu's Art Of War is one of my favorite books. I've read it many times, and its principles 
can still be applied in the 21st century, even in fields other than military strategy. 


As cyber-warfare has a lot in common with more traditional armed conflicts, I wondered
how we could adapt this ancient writing to our modern cyber-world.


So I mixed the ancient with the modern, even in the writing, assisted by Microsoft Copilot,
Microsoft's artificial intelligence, to imagine how to adapt the strategies written by Sun Tzu
for a pentest team, while keeping the original writing style. Here's the result of our
collaboration.


Happy reading! 


Franck Ridel 
I. Planning the Penetration Test


1. Understand the Importance of Cybersecurity: Mastery of penetration testing is crucial 
for the integrity and safety of an organization’s digital infrastructure. 


2. A Matter of Security and Risk: It is a critical endeavor that can lead to either
safeguarding the organization or exposing it to significant threats. Therefore, it demands
thorough and continuous attention.


3. Five Key Factors: The success of penetration testing hinges on five essential elements 
that must be considered to assess the security landscape. 


4. These Elements Are: (1) Team Morale; (2) Environmental Conditions; (3) Network 
Topography; (4) Leadership; (5) Techniques and Protocols. 


5,6. Team Morale: Ensuring the penetration testing team is motivated and unified is 
essential. 


6. A cohesive team will tackle challenges effectively, undeterred by difficulties.


7. Environmental Conditions: This includes factors such as the timing of the test, system 
uptime, and external conditions that might affect network performance. 


8. Network Topography: Understanding the layout and structure of the network, 
identifying high-risk and secure zones, and recognizing potential vulnerabilities. 


9. Leadership Qualities: The leader should exemplify wisdom, honesty, compassion, 
bravery, and strict adherence to protocols. 


10. Techniques and Protocols: This involves organizing the team effectively, defining 
roles and responsibilities, ensuring proper resource allocation, and managing the overall 
testing process. 


11. Master the Essentials: Every team member should be well-versed in these five 
elements; understanding them leads to successful penetration tests, ignorance leads to 
failure. 


12. Comparative Analysis: When planning, compare these aspects between your team 
and the target’s security measures to identify strengths and weaknesses. 


13. Consider These Questions: (1) Which organization has better team morale? (2) Which
leader is more skilled? (3) Who has the advantage of timing and environment? (4) Where is
discipline stricter? (5) Which side has stronger defenses? (6) Which team is better trained?
(7) Where is there more consistency in reward and punishment?
14. Forecasting Outcomes: Use these seven considerations to predict the success or
failure of the penetration test.


15. Heed Advice for Success: The team that follows this guidance will succeed and 
should continue to lead; those who ignore it will fail and should be replaced. 


16. Utilize Favorable Conditions: While adhering to this advice, also leverage any 
unexpected opportunities that arise. 


17. Adapt Plans as Needed: Be flexible and adjust plans according to the changing 
circumstances during the penetration test. 


18. Deception as a Strategy: All penetration testing strategies should incorporate 
elements of deception. 


19. Mislead the Target: Appear weak when strong, inactive when active, close when far, 
and distant when near to confuse the target’s defenses. 


20. Entice and Disrupt: Use attractive baits to lure the target into making mistakes and 
create apparent chaos to exploit vulnerabilities. 


21. Prepare for All Scenarios: If the target’s defenses are robust, be ready for a
challenging test. If they are stronger, avoid direct confrontation and find alternative
methods.


22. Manipulate Emotions: If the target is easily angered, provoke them. Show apparent 
weakness to encourage overconfidence. 


23. Disrupt Comfort and Unity: Do not allow the target to remain comfortable. If their 
defenses are united, find ways to divide them. 


24. Surprise Attacks: Target areas where the defenses are unprepared and strike where 
least expected. 


25. Keep Strategies Secret: Do not reveal your plans beforehand to maintain the element 
of surprise. 


26. Thorough Preparation: Success in penetration testing comes from extensive pre-test 
planning. Those who plan thoroughly will succeed, while those who do not will fail. This 
principle allows predicting the likely outcomes. 
II. Executing a Penetration Test


1. Understand the Resources Required: Effective penetration testing involves extensive 
resources: skilled personnel, specialized tools, and substantial logistical support. The 
costs can be significant, including both direct expenses and indirect expenditures. 


2. Avoid Prolonged Engagements: If a penetration test drags on without achieving results, 
the tools and techniques used will lose their effectiveness, and the team’s motivation will 
diminish. Prolonged efforts will deplete the team’s energy. 


3. Manage Resources Wisely: Extended tests can drain the organization’s resources, 
leading to inefficiency and reduced effectiveness. 


4. Beware of Exhaustion: When the team is worn out, motivation declines, tools are 
ineffective, and resources are depleted, competitors will seize the opportunity to outdo 
you. Even the most experienced teams cannot prevent the negative outcomes of such 
exhaustion. 


5. Avoid Unnecessary Delays: While rushing can be detrimental, prolonged testing rarely 
leads to clever solutions. Timeliness is crucial. 


6. Short Tests Yield Better Results: Protracted penetration tests do not typically benefit 
the organization. Quick, decisive engagements are more effective. 


7. Understand the Burden of Testing: Only those who comprehend the challenges of 
penetration testing can execute it profitably and efficiently. 


8. Be Efficient with Resources: Skilled penetration testers do not require multiple rounds 
of resource allocation. They plan and execute effectively with minimal logistical strain. 


9. Use Internal and External Resources: Bring necessary tools from your base, but 
leverage the target’s resources whenever possible to sustain the test. 


10. Minimize External Dependence: Relying on distant resources to maintain the test can 
strain the organization and reduce overall effectiveness. 


11. Watch for Inflationary Effects: The presence of an ongoing test can drive up costs, 
depleting resources and affecting the organization’s budget. 


12. Avoid Resource Drain: Depleting resources through prolonged testing will burden the 
organization, leading to financial strain. 
13,14. Balance Expenditure and Effort: Excessive resource use for tools, software, and
team maintenance can drain the organization’s funds. Effective testing should balance
cost and effort to avoid financial stress.


15. Leverage Target Resources: Smart testers use the target’s resources efficiently. 
Capturing and utilizing their tools and data can be far more effective than relying solely on 
internal resources. 


16. Motivate the Team: Success in penetration testing requires keeping the team 
motivated and rewarding achievements to maintain high morale. 


17. Reward Success and Integrate Gains: Recognize those who achieve significant 
breakthroughs. Use captured tools and data to enhance your capabilities, and treat any 
discovered vulnerabilities with importance. 


18. Strengthen with Acquired Assets: Incorporate the target’s resources and 
vulnerabilities into your strategies to enhance overall strength. 


19. Focus on Quick Victories: The primary goal of penetration testing is to achieve results 
swiftly, not to engage in lengthy, drawn-out efforts. 


20. Lead with Responsibility: The leader of the penetration test determines the outcome, 
influencing whether the organization will be secure or at risk. 
III. Attack by Strategy


1. Maintain Integrity of Target Systems: In penetration testing, the optimal approach is to
assess the target’s systems without causing damage. It’s better to gain full access and
understanding than to disrupt or destroy components. Capturing data and access intact is
more valuable than causing system failures.


2. Achieve Victory with Minimal Conflict: True mastery in penetration testing is not just in
breaking through defenses but in subtly undermining the target’s security posture without
triggering alarms or causing disruptions.


3. Top Strategies for Penetration Testing: The highest level of skill is to thwart the target’s
security strategies. Next is to prevent their security teams from coordinating responses.
Following that is direct engagement with their defenses, while the least desirable approach
is a prolonged and obvious attack on fortified systems.


4. Avoid Direct Assaults on Fortified Systems: Attacking highly secured systems directly 
is inefficient. It takes extensive time and resources to overcome their defenses, which can 
be better spent finding alternative, less fortified entry points. 


5. Beware of Rash Actions: A frustrated tester might rush into an attack, leading to high 
resource expenditure and potential detection, resulting in failure. Direct attacks on strong 
defenses often lead to significant losses. 


6. Win Without Direct Confrontation: A skilled tester will compromise security without 
being detected, gain access to systems without triggering alarms, and achieve objectives 
efficiently without prolonged engagements. 


7. Preserve Resources for Complete Victory: By keeping the penetration testing team’s
tools and skills intact, they can dominate the security landscape. A successful strategy
involves minimal loss and maximum gain, leading to comprehensive success.


8. Adjust Strategy Based on Strength: If the team vastly outnumbers the defenses, 
surround and overwhelm. If moderately stronger, direct attack. If numbers are equal, 
consider engagement. If outnumbered, avoid or retreat. 


9. Adapt to Circumstances: When equally matched, carefully plan engagements. If 
slightly weaker, avoid direct conflict. If significantly outmatched, withdraw to reassess. 


10. Recognize Limits of Smaller Teams: A smaller team may put up a strong defense, but
ultimately, a larger, well-coordinated team will prevail.
11. Leadership is Crucial: The team leader is critical to the success of the penetration
test. A strong, capable leader ensures team effectiveness and success, while weak
leadership results in failure.


12. Avoid Common Leadership Mistakes: 


13. Misguided Commands: Ordering actions without understanding capabilities leads to 
failure. Effective commands must align with the team’s abilities. 


14. Inappropriate Management Styles: Managing a penetration testing team like a
corporate department creates confusion and restlessness. Understand the unique
demands and conditions of the team.


15. Inadequate Utilization of Skills: Failing to match tasks with team members’ skills
demoralizes the team and undermines confidence. Adapt roles to fit the circumstances
and expertise.


16. Consequences of Poor Management: Mismanagement leads to distrust and chaos 
within the team, resulting in missed opportunities and failures. 


17. Keys to Successful Penetration Testing: 
1. Know when to engage and when to hold back. 
2. Manage both strong and weak resources effectively. 
3. Ensure the team is motivated and unified. 
4. Be prepared to exploit the target’s unpreparedness. 
5. Operate independently with skilled leadership, free from undue interference. 


18. Knowledge is Power: Understand both your team’s strengths and the target’s
weaknesses. This dual knowledge ensures success across multiple tests. Lacking
understanding of the target results in mixed outcomes, while ignorance of both leads to
consistent failure.
IV. Tactical Dispositions


1. Prepare for Security Before Offensive: Skilled penetration testers first ensure they 
cannot be compromised, then wait for vulnerabilities in the target system to present 
themselves. 


2. Control Your Security, Exploit Their Weaknesses: While we can secure ourselves 
against being detected or blocked, opportunities to exploit target systems are created by 
the target’s own weaknesses. 


3. Defensive Assurance, Offensive Opportunity: Good penetration testers ensure they 
avoid detection or failure but must rely on target vulnerabilities for successful exploitation. 


4. Knowledge vs. Execution: Knowing how to breach a system doesn't always mean you 
can execute it flawlessly. 


5. Balance Defense and Offense: Securing against detection requires defensive 
strategies, while exploiting vulnerabilities requires offensive tactics. 


6. Defensive and Offensive Strength: Standing on the defensive shows we are cautious; 
launching attacks indicates we have found a significant vulnerability. 


7. Mastering Defense and Attack: Expert testers hide their activities deeply within the 
system’s environment and strike swiftly and unexpectedly when a vulnerability is 
identified, balancing protection and decisive victory. 


8. Anticipate Beyond the Obvious: Seeing an obvious vulnerability and exploiting it is not
the pinnacle of penetration testing.


9. Achieve Unseen Excellence: True excellence in penetration testing is achieving 
success without the target even recognizing the breach. 


10. Avoid Obvious Successes: Just as lifting a feather doesn’t showcase strength, 
obvious vulnerabilities are not a testament to a tester’s skill. 


11. Win with Ease and Subtlety: Skilled testers not only breach systems but do so 
effortlessly, avoiding detection and complexity. 


12. Unseen Victories: Such victories don’t seek fame but demonstrate efficiency and 
skill. 


13. Error-Free Operations: Achieving success by making no errors ensures victory 
because it means breaching systems already vulnerable. 
14. Position for Infallibility: Effective testers position themselves to avoid detection and
strike precisely when the target is most vulnerable.


15. Plan for Certainty: A winning strategy involves ensuring success before even 
engaging, unlike a haphazard approach that seeks victory post-engagement. 


16. Cultivate Discipline and Strategy: Success comes from strict adherence to ethical 
guidelines, detailed planning, and disciplined execution. 


17. Methodical Approach to Victory: Penetration testing involves precise measurement, 
estimation, calculation, risk assessment, and execution. 


18. Sequential Analysis for Success: Measurement derives from understanding the 
environment, estimation from measurements, calculation from estimations, risk 
assessment from calculations, and victory from thorough risk assessment. 


19. Overwhelming Advantage: A well-prepared tester against an unprepared system is 
like a pound weight against a grain. 


20. Force of a Strategic Attack: The impact of a successful penetration test is like a flood 
bursting through a dam, overwhelming and precise. 
V. Energy


1. Scalable Management: Managing a large penetration testing team follows the same
principles as managing a small one: it’s all about breaking down tasks and assigning roles
effectively.


2. Consistent Tactics: Coordinating a large-scale test is no different from a small one: 
clear communication through signs and signals is key. 


3. Resilience through Strategy: Ensuring your team can handle any defensive measures 
involves using both direct and indirect approaches. 


4. Maximizing Impact: To ensure your penetration test is as effective as a grindstone
against an egg, focus on identifying and exploiting both weak and strong points in the target
system.


5. Direct vs. Indirect Methods: Use direct methods to initiate penetration, but rely on 
indirect methods to achieve success. 


6. Infinite Strategies: Indirect tactics, when used efficiently, are as endless as natural 
phenomena, continually renewing like the seasons. 


7. Limitless Combinations: Just as five musical notes can create endless melodies, basic 
testing techniques can combine into countless strategies. 


8. Diverse Techniques: Just as primary colors blend into numerous hues, basic 
penetration techniques can form countless attack vectors. 


9. Variety in Tactics: Like the basic tastes that combine into various flavors, simple direct 
and indirect methods in testing create limitless maneuvers. 


10. Endless Maneuvers: The combination of direct and indirect tactics results in an 
infinite variety of penetration strategies. 


11. Cyclical Tactics: Direct and indirect methods complement and follow each other, 
creating a continuous loop of strategies that are ever-evolving. 


12. Forceful Onset: A well-coordinated test can be as powerful and unstoppable as a
torrent sweeping everything in its path.


13. Decisive Action: The precision of a well-timed attack is akin to a falcon’s deadly
swoop.


14. Formidable and Decisive: A skilled tester will be both forceful in their approach and 
swift in making decisions. 
15. Harnessing Energy and Decision: Energy in testing can be likened to drawing a bow;
decision is the release that drives the attack.


16. Order within Chaos: In the midst of a complex and chaotic testing environment, 
apparent disorder masks a well-structured strategy. 


17. Deceptive Appearances: Simulated chaos hides perfect coordination; feigned 
weakness conceals strength and readiness. 


18. Tactical Deception: Concealing true intentions involves detailed planning and 
strategic misdirection. 


19. Keeping Targets Off-Balance: A skilled tester uses deceptive tactics to manipulate 
the target’s actions, creating opportunities for exploitation. 


20. Strategic Lures: By offering bait, a tester can lead the target into traps set by a team of
experts.


21. Synergy over Individual Effort: Effective penetration testing relies on the combined 
energy of the team rather than on individual heroics, selecting the right people for each 
task. 


22. Harnessing Collective Force: When working together, testers are like rolling logs or 
stones, gaining momentum and becoming unstoppable. 


23. Momentum of the Team: The collective energy of a well-coordinated team is like a 
stone rolling down a mountain, gathering unstoppable force. Thus, the power of a skilled 
team lies in its combined energy. 
VI. Identifying Vulnerabilities and Strengths


1. Prepare Early for Engagements: To ensure readiness, establish your presence in the 
network before the target organization detects your activities. Arriving late may result in a 
rushed and ineffective penetration test. 


2. Control the Testing Environment: Shape the testing conditions to suit your strategy, 
preventing the target from dictating the terms of engagement. 


3. Manipulate Perceptions: Create enticing scenarios to lure the target into exposing 
vulnerabilities, or introduce disruptions to force them to reveal weaknesses. 


4. Exploit Complacency: If the target’s defenses are lax, continuously probe and test for 
reactions. If they are resource-rich, aim to deplete those resources. If they are stationary, 
compel them to alter their security posture. 


5. Attack Unexpectedly: Target critical areas the organization must protect, moving 
swiftly to locations where they are least prepared. 


6. Operate Undetected: Conduct reconnaissance and attacks in areas with minimal 
security presence to avoid detection and maintain operational integrity. 


7. Focus on Weak Spots: Ensure success by targeting undefended or weakly defended 
systems. Secure your position by fortifying areas that are difficult to attack. 


8. Create Uncertainty: A skillful penetration tester confuses the target about where the 
next attack will occur, ensuring they cannot mount an effective defense. 


9. Master Stealth Techniques: Utilize advanced techniques to remain undetected, 
gaining control over the target’s security landscape. 


10. Exploit Vulnerabilities: Attack critical vulnerabilities swiftly to overwhelm defenses. 
Retreat quickly to avoid countermeasures. 


11. Divert Attention: If direct attacks are not feasible, create incidents elsewhere to draw 
the target’s resources away from your primary objective. 


12. Avoid Unwanted Engagements: To avoid confrontation, introduce anomalies that 
disrupt the target’s normal operations and cause confusion. 


13. Stay Invisible: By gathering intelligence on the target’s defenses while remaining 
undetected, concentrate your efforts on the most critical points. 


14. Maintain Unity: Keep your team coordinated while forcing the target to divide their 
resources, increasing the chance of a successful penetration. 




15. Overwhelm with Superior Forces: When attacking, ensure your team’s combined 
efforts target weaker sections of the defense, causing significant strain on the target’s 
resources. 


16. Conceal Intentions: Keep your planned targets secret to force the target to spread 
their defenses thin, making them more vulnerable. 


17. Exploit Distribution Weaknesses: Recognize that reinforcing one area weakens 
another. Target these weakened areas to exploit vulnerabilities. 


18. Create Strength through Deception: Gain numerical strength by forcing the target to 
prepare for multiple potential attacks, weakening their overall defense. 


19. Coordinate Attacks: Knowing when and where to attack allows for precise 
concentration of your resources, maximizing impact. 


20. Leverage Uncertainty: Without knowledge of your plans, the target cannot effectively 
coordinate their defenses, leaving them vulnerable. 


21. Negate Numerical Advantages: Even if outnumbered, exploit the target’s weaknesses 
and avoid direct confrontation to achieve victory. 


22. Uncover and Disrupt Plans: Investigate the target’s strategies and capabilities to 
thwart their operations and prevent them from mounting effective defenses. 


23. Force Revelations: Provoke responses from the target to uncover their operational 
principles and vulnerabilities. 


24. Assess Strengths and Weaknesses: Compare your capabilities with the target’s to 
identify where you hold an advantage and where they are vulnerable. 


25. Conceal Tactical Movements: The best defense is to hide your actions from the 
target, preventing them from anticipating your next move. 


26. Use Their Tactics Against Them: Understand and exploit the target’s strategies, which 
are often incomprehensible to others. 


27. Keep Strategy Hidden: While tactics may be visible, the underlying strategy should 
remain secret to prevent the target from countering your moves. 


28. Adapt Tactics to Circumstances: Do not rely on previously successful tactics. Adjust 
your methods based on the current situation and the target’s defenses. 


29. Flow Like Water: Avoid strong defenses and focus on exploiting weak points, just as
water naturally avoids obstacles.
30. Strike at Weaknesses: In cybersecurity, aim to bypass strong defenses and target
areas where the security posture is weak.


31. Adapt to the Environment: Tailor your attack strategies based on the target’s 
defensive setup, much like water conforms to its surroundings. 


32. Embrace Flexibility: There are no fixed strategies in penetration testing. Continuously 
adapt to the changing conditions of the target’s defenses. 


33. Achieve Victory Through Adaptation: Success comes from modifying your tactics to 
outmaneuver the target, demonstrating superior strategic thinking. 


34. Understand Cycles and Timing: Recognize that just as natural elements and seasons 
change, so too do the target’s security measures and vulnerabilities. Adapt your strategies 
accordingly. 
VII. Maneuvering


1. Mission Directives: In penetration testing, the team receives its directives from the 
client or project manager. 


2. Team Cohesion: After assembling the team and aligning resources, ensure that all 
members are coordinated and synchronized before starting the engagement. 


3. Complex Tactics: Tactical maneuvering in penetration testing is challenging; it involves 
turning complex situations into opportunities and turning setbacks into advantages. 


4. Strategic Detours: Taking indirect routes to your goal, luring defenders away, and still 
reaching your target first shows mastery of strategic deception. 


5. Disciplined Execution: Effective maneuvering with a skilled team is beneficial; with an 
uncoordinated group, it is highly risky. 


6. Timely Advantage: Mobilizing a fully equipped team to exploit a vulnerability might be 
too slow. Deploying a quick response team may mean sacrificing some resources. 


7. Forced Marches: If your team makes a rapid, sustained effort without breaks to seize 
an opportunity, key team members may get caught or exhausted. 


8. Pace and Attrition: Strong performers may lead, while others fall behind. Only a small 
portion of the team might reach the objective on time. 


9. Measured Movements: If your team moves at a moderate pace, you risk losing the
lead, and only a portion will reach the goal.


10. Efficiency and Coordination: With a shorter but strategic approach, the majority of 
your team will achieve the objective. 


11. Logistical Necessities: A penetration testing team without necessary tools and 
resources is doomed; lacking backup support and supplies spells failure. 


12. Alliances and Intel: Don’t form partnerships or engage until you understand the 
intentions and capabilities of potential allies or competitors. 


13. Terrain Familiarity: Leading a team requires knowledge of the environment— 
understanding network architecture, potential obstacles, and system vulnerabilities. 


14. Local Insights: To leverage local advantages, use information from insiders or system 
experts. 
15. Strategic Deception: Use misdirection and subterfuge to achieve success in
penetration testing.


16. Adaptive Strategies: Deciding whether to focus your efforts or spread them out 
depends on the specific circumstances. 


17. Swift and Coordinated: Be as swift as the wind in your actions, and as solid and 
unyielding as a forest in your coordination. 


18. Dynamic and Resilient: Be as fierce and consuming as fire when attacking, and as 
unmovable as a mountain in defense. 


19. Unpredictable and Decisive: Keep your strategies secret and unpredictable, and 
when you act, strike with the speed and force of a thunderbolt. 


20. Share the Spoils: When you breach a system, share the findings and rewards among 
your team; when you secure access, distribute responsibilities and benefits. 


21. Deliberate Planning: Think carefully and plan thoroughly before executing any 
actions. 


22. Art of Deception: Mastery in penetration testing involves using misdirection 
effectively. This is the art of maneuvering. 


23. Clear Communication: In the field, verbal commands may not suffice; hence, the use 
of signals and alerts is crucial. 


24. Focused Coordination: Use signals and alerts to ensure the entire team focuses on 
critical points during the test. 


25. Unified Effort: When the team acts as a cohesive unit, individual members cannot act 
out of sync. This is the art of managing large teams. 


26. Effective Signals: Use signals and alerts, like notifications and warnings, to guide the 
team’s actions day and night. 


27. Maintain Morale: A team can lose its motivation, and a leader can lose their
composure.


28. Monitor Energy Levels: Team morale is highest in the morning, wanes by midday, and 
is lowest in the evening, focused on wrapping up. 


29. Optimal Timing: A skilled tester avoids well-prepared defenses but attacks when they 
are vulnerable and weary. This is the art of timing. 
30. Calm amidst Chaos: Stay disciplined and composed, waiting for disarray among the
defenders. This is the art of maintaining control.


31. Prepared and Patient: Be ready while the target struggles, stay rested while they are 
exhausted, and be well-supplied while they are lacking. This is the art of conserving 
resources. 


32. Evaluate Conditions: Don’t intercept when defenses are strong or attack when they 
are well-organized. This is the art of assessing conditions. 


33. Terrain Tactics: Avoid advancing uphill against defenses and do not engage when 
they have the high ground. 


34. Avoid Traps: Do not pursue defenders pretending to retreat; do not engage when their 
morale is high. 


35. Beware of Bait: Do not fall for traps set by the defenders. Do not disrupt a retreating 
team. 


36. Give an Out: When cornering defenders, always leave an escape route. Do not press 
a desperate opponent too hard. 


37. The Art of Engagement: These are the principles of strategic penetration testing. 
VIII. Variation in Tactics


1. Mission Directives: In penetration testing, the lead tester receives their objectives from 
the client or project manager, assembles the team, and focuses resources on the task. 


2. Strategic Positioning: When in a difficult network environment, avoid setting up 
persistent footholds. In areas with multiple access points, coordinate with your allies. 
Avoid staying in vulnerable or isolated positions. In confined situations, use clever tactics. 
In desperate scenarios, be prepared to take decisive action. 


3. Strategic Restraint: There are paths that should not be taken, targets that should not 
be attacked, systems that should not be breached, positions that should not be contested, 
and client directives that should not be followed if they compromise the mission. 


4. Tactical Mastery: The lead tester who understands the advantages of varying tactics 
knows how to effectively deploy their team. 


5. Practical Application: A lead tester who doesn’t understand the need for tactical 
variation may know the network well but will fail to leverage this knowledge effectively. 


6. Flexibility in Plans: A penetration tester who isn’t skilled in adapting plans, even if 
knowledgeable about key strategies, will fail to optimize their team’s potential. 


7. Balanced Planning: A wise lead tester blends considerations of both advantages and 
disadvantages in their plans. 


8. Tempered Expectations: By tempering our expectations with a blend of realistic 
assessment, we can achieve our key objectives. 


9. Seizing Opportunities: In difficult situations, being ready to seize any advantage can 
help extricate us from trouble. 


10. Disrupt and Distract: Undermine key defenders by causing damage, creating 
distractions, and keeping them constantly engaged. Use enticing baits to lure them into 
vulnerable positions. 


11. Preparedness: The art of penetration testing teaches us to rely not on the hope that 
defenses will be weak, but on our own readiness and capability to handle them; not on the 
chance that the target won't detect us, but on the assurance that our position and 
methods are sound. 


12. Dangerous Pitfalls: Five dangerous faults can affect a lead tester: (1) Recklessness,
leading to project failure; (2) Cowardice, leading to capture or exposure; (3) A hasty
temper, easily provoked; (4) Excessive pride, sensitive to criticism; (5) Over-concern for
team members, leading to distraction and inefficiency.


13. Avoiding Pitfalls: These five pitfalls can ruin a penetration testing engagement. 
Avoiding them is crucial for successful operations. 


14. Reflect and Learn: When a project fails and the lead tester is compromised, the 
cause can often be traced back to one of these five dangerous faults. Reflect on them to 
avoid future failures. 
IX. The Team on the Move


1. Initial Deployment: The lead tester receives objectives from the project manager, 
assembles the team, and focuses resources on the task. 


2. Strategic Positioning: Move quickly through challenging network segments and stay 
near accessible pathways. 


3. Secure Base: Establish your base in a strategic location, facing the primary access 
points, but avoid high-traffic areas for confrontations. 


4. Crossing Boundaries: After penetrating a segment of the network, quickly move to a 
secure location away from the entry point. 


5. Engagement Timing: If an opposing security team crosses a boundary, do not confront 
them head-on. Instead, wait for half of them to pass before initiating an attack. 


6. Strategic Positioning: Do not engage near a boundary the opponent has to cross. 


7. Upstream Advantage: Position yourself upstream and in an advantageous spot relative 
to the opponent. Avoid moving upstream to meet them directly. 


8. Marshy Networks: Traverse complex network segments quickly without delay. 


9. Fallback Strategy: In complex environments, have resources nearby and ensure your 
team has a defensible position. 


10. Environmental Awareness: In stable environments, secure an easily defensible 
position with natural barriers at your rear. 


11. Elevation and Visibility: Favor high ground for visibility and control, and ensure your 
position maximizes environmental advantages. 


12. Health Precautions: Ensure your team operates on solid ground to avoid technical 
issues and maintain operational readiness. 


13. Natural Barriers: Utilize the terrain to your advantage, positioning your team where 
natural barriers provide cover. 


14. Wait for Opportunity: If a network segment is too active or unstable, wait for it to 
stabilize before proceeding. 


15. Avoid Dangerous Zones: Stay clear of high-risk areas within the network, such as 
heavily monitored segments or traps. 
16. Lure Opponents: Draw the opposing security team into vulnerable positions while
avoiding these areas yourself.


17. Thorough Recon: Scout and clear potential hiding spots for security tools and 
monitoring systems. 


18. Quiet Opponents: If the opponent remains inactive, they are likely relying on their 
defensive setups. 


19. Provoked Engagement: If the opponent is trying to provoke you, they want you to
make the first move.


20. Accessible Entrances: Easy access points may be traps set by the opponent. 


21. Movement Indicators: Unexpected activity in network segments can indicate 
impending security sweeps or changes. 


22. Ambush Signs: Anomalous data activity can signal traps or incoming security 
responses. 


23. Traffic Analysis: Analyze network traffic patterns to infer the movements and 
strategies of the opposing team. 


24. Behavioral Cues: Changes in behavior, such as increased security logs, indicate 
preparations for an attack. 


25. Formation Changes: Shifts in security team formations signal an impending 
confrontation. 


26. False Negotiations: Unsolicited peace offers without formal agreements indicate
potential traps.


27. Critical Movements: Significant changes in the security team's posture indicate 
critical moments in the engagement. 


28. Feints and Lures: Alternating advances and retreats by the opponent can be lures. 


29. Resource Shortages: Signs of security team members hesitating or retreating indicate 
resource depletion. 


30. Thirst for Resources: If security personnel use resources prematurely, it indicates 
resource strain. 


31. Missed Opportunities: If the opponent doesn't seize clear advantages, their team is 
likely exhausted. 
32. Unoccupied Zones: Noisy or crowded areas are often unoccupied or minimally
defended.


33. Internal Disruption: Disturbances within the opponent’s team indicate weak 
leadership or internal conflict. 


34. Desperation Signals: Drastic measures like burning resources signify that the
opponent is preparing for a last stand.


35. Disaffection Signs: Low morale among the opponent's team members is evident 
through covert discussions or visible dissatisfaction. 


36. Reward and Punishment: Excessive incentives or punishments reveal the opponent's 
desperation or resource scarcity. 


37. Bluster and Retreat: Initial aggressive postures followed by retreat indicate a lack of 
strategic depth. 


38. Truce Proposals: Unexpected diplomatic overtures signify the opponent's desire for a
pause or negotiation.


39. Stand-offs: Prolonged stand-offs without engagement signal a need for increased 
vigilance. 


40. Strategic Focus: Maintain surveillance and consolidate resources when evenly 
matched with the opponent. 


41. Underestimation: Lack of preparation or underestimating the opponent leads to 
capture. 


42. Discipline and Affection: Enforce discipline only after earning the team's loyalty to 
ensure effectiveness. 


43. Balanced Leadership: Treat team members humanely while maintaining strict 
discipline for optimal performance. 


44. Consistent Training: Regular enforcement of commands during training ensures a 
disciplined and effective team. 


45. Mutual Trust: A leader who trusts their team and insists on adherence to orders 
fosters mutual respect and efficiency. 


X. Terrain for Penetration Testing Teams 


1. Types of Network Environments: There are six types of network terrains: (1) Open 
networks; (2) Complicated networks; (3) Neutral networks; (4) Narrow gateways; (5) 
Elevated control points; (6) Distant segments from the primary target. 


2. Open Networks: Networks easily accessible by both the team and defenders are 
called open networks. 


3. Strategic Positioning in Open Networks: In open networks, secure elevated positions 
with good visibility, protect your communication channels, and you will have a tactical 
advantage. 


4. Complicated Networks: Networks that can be easily abandoned but are difficult to re-enter
are called complicated networks.


5. Engagement in Complicated Networks: If you catch the security team off guard, you 
can exploit this network. If they are prepared, retreat will be difficult, leading to potential 
failure. 


6. Neutral Networks: Networks where neither side benefits from initiating action are 
called neutral networks. 


7. Strategy in Neutral Networks: In neutral networks, even if the security team presents a 
tempting target, it is better to withdraw, lure them out, and then attack when they are 
exposed. 


8. Narrow Gateways: Secure narrow gateways first and fortify them, awaiting the security 
team. 


9. Occupied Gateways: If the security team controls a gateway, only engage if their 
defenses are weak. 


10. Elevated Control Points: If you can secure elevated positions first, do so and wait for 
the security team. 


11. Preoccupied Heights: If the security team has already taken these positions, do not 
follow. Instead, retreat and draw them out. 


12. Distant Segments: When operating far from the main target and if both teams are 
equally matched, it is disadvantageous to provoke an engagement. 


13. Principles of Network Terrain: These six types of network terrains should be studied 
by any lead tester in a responsible position. 
14. Calamities from Leadership Faults: Six potential disasters can arise from leadership
errors: (1) Panic; (2) Insurrection; (3) Collapse; (4) Devastation; (5) Chaos; (6) Defeat.


15. Overwhelming Odds: A team will flee if faced with an opposing force ten times its 
size. 


16. Imbalance in Strength: If team members are strong but leadership is weak, 
insubordination occurs. If leadership is strong but the team is weak, collapse ensues. 


17. Uncontrolled Anger: If senior testers act on personal anger without coordination, it 
leads to ruin. 


18. Lack of Authority: If the lead tester is weak and commands are unclear, with no 
defined roles, chaos will result. 


19. Miscalculating Strength: If the lead tester misjudges the security team’s strength and 
deploys an inferior team against a superior one, the result is inevitable defeat. 


20. Avoiding Defeat: These six pitfalls should be carefully avoided by any lead tester. 


21. Environmental Advantage: The natural configuration of the network is an asset, but 
the ability to assess the adversary and navigate difficulties marks a great lead tester. 


22. Knowledge in Practice: Those who understand and apply these principles will 
succeed. Those who don’t will fail. 


23. Victory Assessment: If success is certain, proceed even if advised against it. If 
success is uncertain, do not engage regardless of directives. 


24. Selfless Leadership: A lead tester who advances without seeking glory and retreats
without fearing disgrace, focusing solely on the mission, is invaluable.


25. Team Loyalty: Treat your team with respect and they will follow you through any 
challenge; regard them as trusted colleagues, and they will stand by you unwaveringly. 


26. Authority and Compassion: If you are kind but fail to enforce discipline, your team 
becomes ineffective. 


27. Partial Knowledge: Knowing only your team’s capability or only the security team’s 
vulnerability is insufficient for success. 


28. Complete Knowledge: Understanding both your team’s readiness and the security 
team’s weakness is crucial but still incomplete without considering the environment. 


29. Holistic Strategy: Success requires knowing your team, the opponent, and the 
network terrain. 
30. Strategic Confidence: An experienced lead tester never hesitates once the operation
starts.


31. Comprehensive Understanding: Knowing both your capabilities and the environment 
ensures consistent victory; understanding both adversary and terrain completes your 
strategic advantage. 
XI. The Nine Situations for Penetration Testing


1. There are nine strategic situations in cybersecurity penetration testing: (1) Internal
Network; (2) Perimeter Security; (3) Targeted Application; (4) Open Network;
(5) Multi-Platform Environment; (6) Deep System Integration; (7) Complex Infrastructure;
(8) Restricted Access Areas; (9) Critical System Compromise.


2. Testing within your own network is akin to operating on Internal Network grounds. 


3. Probing a system that is not deeply integrated or crucial to the target is akin to
operating on Perimeter Security grounds.


4. Testing environments that could significantly sway the security posture if breached are 
equivalent to Targeted Application grounds. 


5. An environment where both the tester and the system have considerable freedom to 
maneuver is similar to Open Network grounds. 


6. Multi-Platform Environments are like key intersections, offering access to extensive 
domains if compromised first. 


7. Engaging in tests deep within an organization’s infrastructure, beyond initial defenses, 
is akin to operating in Deep System Integration grounds. 


8. Testing in Complex Infrastructures, like dealing with mountain forests and marshes, 
involves navigating through challenging and hard-to-traverse systems. 


9. Testing in areas with Restricted Access, where exit paths are limited and the risk of 
detection is high, is akin to being in hemmed-in grounds. 


10. Situations requiring immediate and decisive action to prevent severe damage, like a 
breach in critical systems, reflect Critical System Compromise grounds. 


11. Avoid aggressive testing on Internal Network grounds. Do not pause testing on 
Perimeter Security grounds. Do not attack without clear advantage on Targeted Application 
grounds. 


12. Do not block operations on Open Network grounds; instead, ensure collaboration on 
Multi-Platform Environment grounds. 


13. Focus on extracting valuable data on Deep System Integration grounds. On Complex 
Infrastructure grounds, maintain progress. 


14. Employ creative strategies on Restricted Access grounds. On Critical System 
Compromise grounds, engage decisively. 
15. Skilled penetration testers know how to isolate segments of a system to prevent
unified defense responses.


16. When defenses appear coordinated, introduce chaos. 
17. Engage decisively when advantageous; hold when it is not. 
18. Seize control of critical assets early to dictate the engagement terms. 


19. Speed and surprise are crucial: exploit unpreparedness and access through less 
expected avenues. 


20. Penetration depth correlates with team cohesion and reduces the effectiveness of 
the target’s defensive responses. 


21. Utilize rich targets for resource acquisition during engagements. 


22. Prioritize the well-being of the team, avoid over-exertion, and keep tactics flexible 
and movements unpredictable. 


23. Push the team into scenarios with no retreat to maximize effort and commitment. 
24. Encourage resilience and determination when in hostile or challenging environments. 


25. Instill initiative and trust within the team to ensure fluid operations without constant 
oversight. 


26. Eliminate reliance on predictability or superstition; prepare to operate until mission 
completion. 


27. Motivate the team not through material gain but through commitment to success and 
operational longevity. 


28. Expect emotional responses under stress but prepare the team for decisive action 
when necessary. 


29. The skillful tactician adapts, reacting dynamically to threats from multiple vectors 
like the shuai-jan snake. 


30. An effective team collaborates under pressure despite internal conflicts, much like 
adversaries uniting in crisis. 


31. Reliance on static defenses alone is inadequate. 
32. Establish and maintain a high standard of courage and resolve within the team. 


33. Adapt strategies to leverage both strong and weak points in the target's defenses. 
34. Guide the team as if they are a single entity, with clear and precise direction.
35. Maintain operational secrecy and order through disciplined leadership. 

36. Use misinformation to keep the team adaptable and the target off-balance. 
37. Constantly adjust tactics and plans to maintain the element of surprise. 


38. Commit fully at the decisive moment, ensuring the team is too invested to consider 
withdrawal. 


39. Emphasize mobility and unpredictability in operations, akin to navigating unknown 
terrain without a map. 


40. Engage the team fully into the operational risk to maximize focus and effectiveness. 


41. Understand and adapt to the various strategic environments, tailoring the approach 
to offensive or defensive needs. 


42. Deeper penetration in hostile territory increases team unity and reduces dispersion. 
43. Recognize the critical nature of transitioning from familiar to hostile environments. 
44. Deeper engagements require greater commitment and coordination. 

45. Prepare for high-risk scenarios with limited exit strategies. 

46. Foster unity and coordination on all operational grounds. 

47. Ensure swift support and reinforcement in contentious scenarios. 

48. Maintain vigilant security postures on open and accessible networks. 


49. Secure continuous resources and maintain momentum in critical system 
engagements. 


50. Prevent retreat and encourage commitment in restricted scenarios.


51. Highlight the inevitability of conflict to inspire determination and focus in desperate 
situations. 


52. Understand local conditions and potential allies before forming strategies. 
53. Ignorance of key principles in cyber warfare is unacceptable for successful leaders. 
54. Prevent enemy consolidation by disrupting their alliances and communication. 


55. Focus on strategic goals without unnecessary alliances or empowering potential 
adversaries. 


56. Reward innovation and flexibility, and command dynamically to adapt to unfolding 
situations. 


57. Expose the team to real challenges to ensure readiness, keeping strategic plans 
confidential. 


58. Use peril to forge resilience and readiness for recovery. 
59. Exploit critical moments for decisive actions to achieve victory. 


60. Align actions closely with the enemy's movements and intentions for effective 
countermeasures. 


61. Persistent engagement will eventually lead to significant victories. 

62. Employ cunning and strategic deception to achieve objectives. 

63. Secure operational perimeters and control information flow from the onset. 

64. Command decisively and maintain control over all operational aspects. 

65. Exploit any vulnerability aggressively to gain an advantage. 

66. Anticipate and disrupt the enemy’s plans by controlling critical assets and timing. 


67. Adhere to structured protocols while remaining adaptable to seize decisive battle 
opportunities. 


68. Initiate engagement with caution, escalating aggressively when the opportunity 
arises. 
XII. Penetration Testing Strategies


1. There are five strategic methods of digital assault using the metaphor of fire. The first 
involves targeting the enemy’s operational base; the second targets their supply chains; 
the third targets their logistical support; the fourth targets their data storage and 
ammunition; the fifth involves deploying disruptive attacks within their network. 


2. To successfully execute a digital attack, resources must be prepared and tools must 
always be ready for deployment. 


3. There is an optimal time for launching attacks of this nature, including specific days 
when conditions are most favorable. 


4. The best time for these operations is during periods of digital vulnerability or when 
natural conditions disrupt enemy communications; the most opportune days are those 
when system traffic is expected to spike due to external events, enhancing the effect of the 
attack. 


5. When engaging in operations involving disruptive strategies, be prepared to handle five 
possible scenarios: 


6. (1) If a breach occurs within the enemy’s systems, immediately capitalize on this by 
launching an external assault. 


7. (2) If a breach has occurred but the enemy remains nonresponsive or unalerted,
maintain your position and wait for an optimal moment to act.


8. (3) When the impact of your initial breach has reached its peak, escalate the assault if 
viable; if not, maintain your current strategy. 


9. (4) If initiating an external breach is feasible, proceed without waiting for internal 
issues to arise within the enemy’s systems; strike when the moment is most 
advantageous. 


10. (5) When initiating any kind of disruptive action, position yourself in a superior 
strategic position—do not launch attacks from a disadvantaged stance. 


11. Digital disruptions initiated during active hours tend to have prolonged effects, 
whereas those that happen during off-hours may diminish quickly. 


12. Teams must be familiar with all potential digital disruption scenarios, monitor 
relevant data traffic and system activity, and choose the optimal times for action. 
13. Intelligent use of disruptive tactics indicates strategic sophistication; leveraging
defensive strategies to gain strength shows tactical acumen.


14. Defensive measures can stall an enemy's progress, but they cannot completely
eliminate their capabilities.


15. It is disadvantageous to attempt winning strategies or launching attacks without
proactive innovation and aggression; the result is often wasted effort and operational
stagnation.


16. Thus the principle: A visionary leader prepares well in advance; an effective strategist 
optimally utilizes available resources. 


17. Engage only when there is a clear benefit; deploy resources only when there is a 
tangible gain; engage in conflict only when absolutely necessary. 


18. Leaders should not deploy offensive strategies merely to satisfy personal desires; 
commanders should not engage in conflicts out of mere frustration. 


19. Advance your position if it benefits your objectives; if not, hold your position and 
maintain readiness. 


20. Frustration may eventually turn to satisfaction; displeasure may give way to 
fulfillment. 


21. Once a system or network is destroyed, it cannot be restored to its original state; 
similarly, data lost to breaches cannot be unmade. 


22. Therefore, a wise leader is always cautious, and a skilled strategist remains vigilant. 
This is essential to maintain peace and security within digital domains and ensure 
operational integrity. 
XIII. Strategic Information Gathering in Penetration Testing


1. Deploying a large team for extended penetration testing can significantly strain 
resources and affect productivity across your organization. Daily expenditures can be 
substantial, leading to operational fatigue and a slowdown in routine business processes. 


2. Prolonged engagements with adversarial entities, such as competitors in security, can 
extend for long periods, with decisive victories often hinging on critical information 
obtained in moments. Neglecting to invest in comprehensive intelligence due to cost 
concerns can be severely detrimental. 


3. A leader unwilling to allocate resources for crucial intelligence gathering is ineffective,
offers no real-time solutions, and fails to secure victories in cybersecurity.


4. The ability of astute leaders and skilled cybersecurity heads to effectively counteract 
and outmaneuver threats hinges on advanced knowledge of adversary actions and 
intentions. 


5. This advanced knowledge cannot be gleaned from theoretical strategies alone; it 
doesn’t come from past experiences or simple logical deduction. 


6. Insight into the adversary’s strategies can only be directly obtained through human 
intelligence. 


7. Therefore, the use of various forms of intelligence operatives is critical, including local 
intelligence, insider threats, double agents, deceptive operatives, and direct 
reconnaissance. 


8. When these five types of intelligence collection are actively engaged, the security of 
their operations is greatly enhanced, often referred to as masterful orchestration of data 
and resources. 


9. Utilizing local intelligence involves leveraging information from entities within the 
target’s own environment. 


10. Employing insider intelligence means utilizing information from individuals within the 
adversary’s organization. 


11. Utilizing double agents involves turning the adversary’s own intelligence resources 
against them, gaining information from those initially planted to spy on your organization. 


12. Deploying deceptive operations involves performing certain actions intended to be 
observed by the adversary, guiding their perceptions and strategic responses. 
13. Direct reconnaissance operatives are those who directly gather actionable
intelligence from within the adversary's infrastructure.


14. Maintaining close and secure relationships with all intelligence resources is crucial; 
they should be highly valued and their information guarded with utmost secrecy. 


15. Effective use of intelligence operatives requires intuitive judgment to assess the 
value and truth of the information provided. 


16. Managing these resources effectively demands kindness and honesty to ensure 
loyalty and accuracy of the information. 


17. Discerning the truth from intelligence reports requires clever analysis and critical 
thinking. 


18. Be meticulous and strategic in deploying intelligence operatives across all areas of 
cybersecurity operations. 


19. If an operative reveals sensitive information prematurely, severe measures must be 
taken against all parties involved to maintain operational security. 